"Windows has detected spyware infection!"
#0
01.11.2008, 01:26
...new here
Thread starter, Posts: 10

01.11.2008, 01:59
Honorary member
Posts: 6028
#17
Delete the backups in C:\SDFix\ and empty the Recycle Bin.
Download Smitfraudfix by S!Ri to your desktop.
Start your computer in safe mode.
Double-click Smitfraudfix.exe.
Type: 1 (a report of the infected files will be created) and press Enter to get a report of the infected files.
Copy the contents of the report (C:\rapport.txt) into this thread.
__________
Regards, Argus

01.11.2008, 02:18
...new here
Thread starter, Posts: 10
#18
Quote: Arnold posted
So far I have never had problems with it (i.e. viruses, worms or anything else), so I was content that it only gets updated at least once a month.

SmitFraudFix v2.371
Scan done at 2:13:09.93, 2008-11-01
Run from C:\Dokumente und Einstellungen\Zero\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Zero
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Zero\LOKALE~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Zero\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Zero\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C5325088-5DBC-4259-8331-38D462290286}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F2853315-358A-48D4-8788-6C4DDFBF9493}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C5325088-5DBC-4259-8331-38D462290286}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F2853315-358A-48D4-8788-6C4DDFBF9493}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CF8D294F-FE9A-4469-9987-D9CBB58D70C9}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C5325088-5DBC-4259-8331-38D462290286}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F2853315-358A-48D4-8788-6C4DDFBF9493}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

01.11.2008, 12:09
Honorary member
Posts: 6028
#19
I get an update every hour
Quote: that it only gets updated at least once a month.
Give Dial-a-Fix a try: http://virus-protect.org/artikel/tools/dial_a_fix.html
__________
Regards, Argus

01.11.2008, 16:13
...new here
Thread starter, Posts: 10
#20
That didn't help. But I will probably get myself something else at some point.

Run by Zero on 2008-11-01 at 00:50
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\rasqervy.dll - Deleted
C:\WINDOWS\sdfinacs.dll - Deleted
C:\WINDOWS\sdfixwcs.dll - Deleted
C:\WINDOWS\wuasirvy.dll - Deleted
C:\WINDOWS\SYSTEM32\TDSSLVEX.DAT - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 01:12:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:072a4b6e
"s2"=dword:46d9d7f1
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ab,cb,21,c7,10,e4,8c,3c,99,17,eb,49,e4,6b,15,52,8a,b6,9c,e5,77,..
"p0"="C:\Programme\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:92,63,81,0c,19,d8,3c,38,c3,a7,b9,67,48,ea,a6,2e,d0,a1,89,61,83,..
"a0"=hex:20,01,00,00,12,c5,d1,03,ea,de,5f,02,ee,c3,ad,66,52,45,58,56,a4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:50,92,64,86,1c,3d,88,c6,7c,42,c5,4c,35,df,5c,5f,15,b8,53,bc,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSScjhh.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSScjhh.sys"
"TDSSl"="\systemroot\system32\TDSSddbk.dll"
"tdssservers"="\systemroot\system32\TDSSlvex.dat"
"tdssmain"="\systemroot\system32\TDSSlrvk.dll"
"tdsslog"="\systemroot\system32\TDSSsqdd.dll"
"tdssadw"="\systemroot\system32\TDSSybpg.dll"
"tdssinit"="\systemroot\system32\TDSSvxrv.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSbshc.dll"
"tdsserrors"="\systemroot\system32\TDSSwhbf.log"
"TDSSproc"="\systemroot\system32\TDSSwdck.log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:81,da,23,e4,e0,7d,a1,d8,2d,fc,73,05,52,83,e8,87,5d,ac,0d,21,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e8,24,c2,a6,d9,1f,ab,5b,70,e4,77,df,8c,07,7d,7b,ee,..
"khjeh"=hex:c1,bf,6c,50,38,2d,ea,36,54,44,27,06,67,02,2a,cc,1c,f8,b8,3a,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:80,bb,4d,0f,4f,f4,44,71,5e,bb,55,d1,bc,f6,34,f7,64,a9,e5,9e,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ab,cb,21,c7,10,e4,8c,3c,99,17,eb,49,e4,6b,15,52,8a,b6,9c,e5,77,..
"p0"="C:\Programme\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:92,63,81,0c,19,d8,3c,38,c3,a7,b9,67,48,ea,a6,2e,d0,a1,89,61,83,..
"a0"=hex:20,01,00,00,12,c5,d1,03,ea,de,5f,02,ee,c3,ad,66,52,45,58,56,a4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:50,92,64,86,1c,3d,88,c6,7c,42,c5,4c,35,df,5c,5f,15,b8,53,bc,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSScjhh.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSScjhh.sys"
"TDSSl"="\systemroot\system32\TDSSddbk.dll"
"tdssservers"="\systemroot\system32\TDSSlvex.dat"
"tdssmain"="\systemroot\system32\TDSSlrvk.dll"
"tdsslog"="\systemroot\system32\TDSSsqdd.dll"
"tdssadw"="\systemroot\system32\TDSSybpg.dll"
"tdssinit"="\systemroot\system32\TDSSvxrv.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSbshc.dll"
"tdsserrors"="\systemroot\system32\TDSSwhbf.log"
"TDSSproc"="\systemroot\system32\TDSSwdck.log"
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="
scanning hidden files ...
C:\WINDOWS\system32\c_340863.nls 133120 bytes executable
C:\WINDOWS\system32\c_340883.nls 407 bytes
C:\WINDOWS\system32\c_340913.nls 11877 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Programme\\BitTorrent\\bittorrent.exe"="C:\\Programme\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\QIP\\qip.exe"="C:\\Programme\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Spiele\\NAMCO BANDAI Games\\Warhammer© Mark of Chaos\\Warhammer.exe"="C:\\Spiele\\NAMCO BANDAI Games\\Warhammer© Mark of Chaos\\Warhammer.exe:*:Enabled:Warhammer Battle March"
"C:\\CoD4\\iw3mp.exe"="C:\\CoD4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 3 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\1a2f8270.dll"
Tue 3 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1ecb99cc.dll"
Tue 3 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2cd274.dll"
Tue 3 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\35e7982.dll"
Mon 4 Dec 2006 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Mon 22 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
Fri 19 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 19 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Tue 20 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Tue 23 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Tue 15 May 2007 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv02.tmp"
Mon 4 Dec 2006 4,348 A..H. --- "C:\Dokumente und Einstellungen\Zero\Eigene Dateien\Eigene Musik\Lizenzsicherung\drmv1key.bak"
Mon 4 Dec 2006 20 A..H. --- "C:\Dokumente und Einstellungen\Zero\Eigene Dateien\Eigene Musik\Lizenzsicherung\drmv1lic.bak"
Mon 4 Dec 2006 400 A.SH. --- "C:\Dokumente und Einstellungen\Zero\Eigene Dateien\Eigene Musik\Lizenzsicherung\drmv2key.bak"
Finished!